Active Directory: VBscript to enumerate nested Active Directory groups from an Excel sheet

Posted October 4th, 2011 in groups by dirk adamsky

Haven’t done much scripting lately…..
The script for today is made for Ananth Kumar.
He asked me to make an extension to the “enumerate nested groups script” so that multiple nested groups can be enumerated based on an input file.
I chose Excel for the input file so that I could reuse previous code.

Follow the next steps to run the script (no admin rights needed):

  • find the distinguished names of the nested groups (adsiedit.msc)
  • put them in an Excel sheet in the first column and save the sheet as c:\temp\groups.xls
  • open your favorite text editor
  • copy and paste the script below into the editor (you can use the icons in the upper right corner of the code)
  • save the script (for example c:\temp\enumeratenestedgroupsfromexcelsheet.vbs)
  • open a command prompt
  • go to “c:\temp”
  • type “cscript enumeratenestedgroupsfromexcelsheet.vbs” (without quotes) and press Enter

The script:

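' Name : enumeratenestedgroupsfromexcelsheet.vbs
' Description : script to enumerate nested Active Directory groups from an Excel sheet
' Author : dirk adamsky - deludi bv
' Version : 1.0
' Date : 04-10-2011

' Groups on the current recursion path; used to stop on circular nesting
Set objPath = CreateObject("Scripting.Dictionary")
objPath.CompareMode = vbTextCompare

Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open("C:\temp\groups.xls")
' Reading starts at row 2 (row 1 is not read) and stops at the first empty cell
intRow = 2
Do Until objExcel.Cells(intRow,1).Value = ""
	strGroupDN = objExcel.Cells(intRow, 1).Value
	If strGroupDN <> "" Then
		wscript.echo strGroupDN
		EnumNestedgroup "LDAP://" & strGroupDN
	End If
	intRow = intRow + 1
Loop
' Close the workbook without saving before Excel is shut down
objWorkbook.Close False
objExcel.Quit
Set objWorkbook = Nothing
Set objExcel = Nothing

' Prints "group ; display name ; mail" for every non-group member and
' recurses into every member that is itself a group
Function EnumNestedgroup(strGroupDN)
	Dim objGroup, objMember, strKey
	Set objGroup = GetObject(strGroupDN)
	strKey = objGroup.Get("distinguishedName")
	' This group is already being expanded higher up: circular nesting, stop here
	If objPath.Exists(strKey) Then Exit Function
	objPath.Add strKey, True
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			Wscript.Echo objGroup.cn & " ; " & objMember.DisplayName & " ; " & objMember.Mail
		End If
	Next
	objPath.Remove strKey
	Set objGroup = Nothing
End Function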

If you have a modified version or problems/questions that you want to share, please post them in the comments below.

Happy scripting.

Dirk Adamsky

VBscript: VBscript to enumerate all groups and their members from a specific Active Directory OU

Posted June 1st, 2011 in groups by dirk adamsky

Today’s script is made for Tyrone.

He asked for a script that enumerates all groups and their members from a given OU.
I already had a script that enumerates the members of an OU.
I also had a script that enumerates the members of a nested group (uses recursion).
The 2 scripts combined are the solution for Tyrone.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* change the OU distinguished name (in line 7) into your OU distinguished name
* save the script (for example c:\temp\EnumerateGroupsInOu.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript EnumerateGroupsInOu.vbs” (without quotes) and press Enter

You can also dump the output to a file:

* type “cscript EnumerateGroupsInOu.vbs > EnumerateGroupsInOu.txt” (without quotes) and press Enter

To get that file into Excel:

* open Excel
* go to Menu=>Open File
* change file type to “all”
* choose EnumerateGroupsInOu.txt
* choose “;” as separator character

The script:

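' Name : EnumerateGroupsInOu.vbs
' Description : script to enumerate all groups and their members from a specific Active Directory OU
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 01-06-2011

Set objOU = GetObject("LDAP://OU=test,DC=test,DC=org")
' Groups on the current recursion path; used to stop on circular nesting
Set objPath = CreateObject("Scripting.Dictionary")
objPath.CompareMode = vbTextCompare
For Each objMember in objOU
	If (LCase(objMember.Class) = "group") Then
		EnumNestedgroup objMember.AdsPath
	End If
Next
Set objOU = Nothing

' Prints the members of a group and recurses into nested groups
Function EnumNestedgroup(strGroupDN)
	Dim objGroup, objMember, strKey
	Set objGroup = GetObject(strGroupDN)
	strKey = objGroup.Get("distinguishedName")
	' This group is already being expanded higher up: circular nesting, stop here
	If objPath.Exists(strKey) Then Exit Function
	objPath.Add strKey, True
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			wscript.echo objMember.AdsPath
			EnumNestedgroup objMember.AdsPath
		Else
			Wscript.Echo objGroup.Name & " ; " & objMember.DisplayName & " ; " & objMember.Mail &_
			" ; " & objMember.Department &  " ; " &	objMember.Company & " ;  " & objMember.Title
		End If
	Next
	objPath.Remove strKey
	Set objGroup = Nothing
End Function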

If you have problems/questions with the script, please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky

Active Directory: VBscript to enumerate all empty groups

Posted March 18th, 2010 in groups by dirk adamsky

For most system administrators cleaning up Active Directory is not their favorite thing.
This script helps you by enumerating all empty groups, so you can remove them (manually).

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\emptygroups.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript emptygroups.vbs” (without quotes) and press Enter

The script:

' Name : emptygroups.vbs
' Description : script to enumerate all empty groups
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 18-03-2010
' Level : intermediate

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

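' Groups without any value in the "member" attribute.
' Note: accounts that have a group as their primary group (for example Domain Users)
' are not listed in "member", so such a group is reported as empty as well.
strFilter = "(&(objectCategory=group)(!(member=*)))"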
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
	Wscript.Echo objRecordSet.Fields("name").Value
	objRecordSet.MoveNext
Loop

objRecordSet.Close
objConnection.Close

Set objRecordSet = Nothing
Set objConnection = Nothing
Set objCommand = Nothing

If you have problems/questions, please post a reply. You can also rate the script.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV
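
A group that is only used as a primary group has no "member" values and is therefore reported by emptygroups.vbs even though accounts still depend on it. The following script is an added example, not part of the original post: it repeats the same search and then checks each hit for accounts whose primaryGroupID matches the group's primaryGroupToken. The names Query and objEmpty are introduced here for illustration.

```vbscript
' Added example: list groups without "member" values and flag the ones that
' are still in use as a primary group. Read-only, nothing is changed.
Option Explicit
Dim objConnection, objRootDSE, strBase, objRS
Dim objEmpty, objGroup, strDN, lngToken, strState

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"

' Step 1: collect the candidates, same search as emptygroups.vbs
Set objEmpty = CreateObject("Scripting.Dictionary")
Set objRS = Query("(&(objectCategory=group)(!(member=*)))")
Do Until objRS.EOF
	objEmpty(objRS.Fields("distinguishedName").Value) = True
	objRS.MoveNext
Loop
objRS.Close

' Step 2: for each candidate, look for accounts that use it as primary group
For Each strDN In objEmpty.Keys
	' A "/" in a distinguished name must be escaped inside an ADsPath
	Set objGroup = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
	' primaryGroupToken is a constructed attribute holding the group's RID;
	' it has to be loaded into the property cache explicitly
	objGroup.GetInfoEx Array("primaryGroupToken"), 0
	lngToken = objGroup.Get("primaryGroupToken")
	Set objRS = Query("(primaryGroupID=" & lngToken & ")")
	If objRS.EOF Then strState = "no members found" Else strState = "IN USE as primary group"
	objRS.Close
	WScript.Echo strDN & " ; " & strState
Next
objConnection.Close

' Runs a paged subtree search on the domain and returns the recordset
Function Query(strFilter)
	Dim objCmd
	Set objCmd = CreateObject("ADODB.Command")
	Set objCmd.ActiveConnection = objConnection
	objCmd.Properties("Page Size") = 100
	objCmd.CommandText = strBase & ";" & strFilter & ";distinguishedName;subtree"
	Set Query = objCmd.Execute
End Function
```

The output uses the same “;” separator as the other scripts, so it can be opened in Excel the same way.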

Active Directory: VBscript to show all groups with multiple smtp addresses

Posted February 23rd, 2010 in groups by dirk adamsky

This script is a mutation of yesterday’s script.
It searches Active Directory for mail enabled groups with multiple smtp addresses.
By changing the threshold value (i) in line number 39 you can broaden or narrow your searches.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\showgroupswithmultiplesmtp.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript showgroupswithmultiplesmtp.vbs” (without quotes) and press Enter

The script:

' Name : showgroupswithmultiplesmtp.vbs
' Description : script to show all groups with multiple smtp addresses
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-02-2010
' Level : intermediate

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

strFilter = "(&(objectCategory=group)(mail=*))"
strAttributes = "distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	On Error Resume Next
	Set objGroup = GetObject ("LDAP://" & adoRecordset.Fields("distinguishedName").Value)
	arrProxy = Array() : i = 0	' reset, so a failed read below cannot reuse the previous group's addresses
	arrProxy = objGroup.GetEx("proxyAddresses")
	For Each strMailAddress in arrProxy
		If Lcase(Left(strMailAddress,5))= "smtp:" Then
			i = i + 1
		End If
	Next
	If i >= 2 Then
		strAllMailAddresses = ""
		For Each strMailAddress in arrProxy
			If Lcase(Left(strMailAddress,5))= "smtp:" Then
				strAllMailAddresses = strAllMailAddresses & " ; "  & strMailAddress
			End If
		Next
		Wscript.Echo objGroup.DisplayName & strAllMailAddresses
	End If
	Set objGroup = Nothing
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

If you have problems/questions, please post a reply.
I also added a rating system yesterday; thank you in advance for your reaction.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV